Generating Random Passwords in Bash Using Your System's Random Source
Today, we will re-invent the wheel with a simple bash function to generate some passwords and a few hashes as well. Why would I bother coding something when several good programs already exist to perform the same functionality? Well, that’s simple: I use this most on systems where I cannot install software. Any user that has SSH access can edit their own .bashrc , so I decided since random password generation is a daily task I perform at my job and elsewhere, it made sense to have a good way to generate passwords. There are a few hashes you can use this for as well. This function will generate the hash used for cookie authentication in phpMyAdmin and it will also generate the hashes used to secure authentication via Wordpress (to be used in wp-config.php). Paste this function in its entirety into your .bashrc or /etc/profile , /etc/bashrc , /etc/bash.bashrc (wherever you feel it should go):
Now, you can name this whatever you like. There is already a very good program called pwgen which I use quite often, so on my system, this is actually called ‘salpwgen’ to avoid conflicts. Once you have saved this function into your .bashrc, you just need to run the following command to read from .bashrc:
You may notice we’re using /dev/random as the random source. This may cause blocking and take long amounts of time if you don’t have sufficient entropy available. You have two choices in this situation:
You can install an amazing piece of software known as haveged which will automatically push random data into /dev/random which passes all FIPS tests.
You can use /dev/urandom, which is a non-blocking source, but can contain repeats of previously used data (that’s how it prevents from blocking).
The choice is yours, but haveged is highly recommended as you never know when you will need randomness!
If you have any suggestions on ways I can improve my simple password generator, please feel free to leave a comment and I might consider adding a particular password or hash type.
Yet another crap post by: